Stuck trying to figure out PFSense / Port Fortwarding with Emby

[Lighthammer 91]

Ok, this one is a bit esoteric, I hope someone can give me some ideas.

I am currently trying to get Emby working using PFSense as my router/firewall front end --- but with a twist --- OVER CELLULAR.

Here's the topology (as best as I can textualize it, though I might break out a graphing program if it becomes necessary):

Samsung Galaxy Note 8 (using Mint) -> PFSense Box -> ASUS RT-AC5300 (running Merlin) -> Emby Server

The following things are true:

1. All devices (not just computers) have Internet Access and can see each other on the network.
2. All devices hooked to the ASUS RT-AC5300 have access to the Emby server
3. All devices on the network can navigate to BOTH the PFSense Router and ASUS Router's configuration page.
4. * I * can not connect to Emby using the external IP address.
5. Other users outside of the network (IE: From the internet) can not connect to the Emby Server.
6. Previously, using the configuration as it is now on the ASUS RT-AC5300, users outside of the network (again, IE: from the internet) while it was connected to a normal cable modem, COULD connect to the Emby server.
7. I have tried and willing to try, (and willing to try, in case it sounds like I am going "WELL IT WORKED WITH THIS BEFORE") other configurations on the ASUS Router.
8. The Samsung Note 8 CAN NOT access the Emby Server running in USB Teether mode.
9. I'm not likely to maintain IP Settings discuss below since I'm posting all this publicly for security reasons and to keep this post for historical reasons in case others need similar help in the future.

Trying to go down by device important points:

Samsung Galaxy Note Note 8:

• Unlocked
• Running official TMO Rom
• USB Tethered
• PFSense assigned it 192.168.42.X as its IP pool

PFSense Box

• Running an Intel ATOM, 250 GB HDD, 8 GB (waaaay above the needed power for PFSense)
• Phone is plugged in via USB C
• Connecting to network via internal LAN
• I have a second LAN port on it with the eventual intent on moving it over to a standalone modem, later
• PFSense assigned it to 192.168.1.1
• I have set up port forward "From ALL WANS to ALL LANs" 2 port 8096. I am hoping by doing this, it will forward internet based requests to the LANs behind the ASUS RT-AC5300.
• It set the database the default 182.168.1.100 IP.

ASUS RT-AC5300

• The PFSense box is connected to the WAN port, but it works just the same if its on a normal LAN port.
• The Network map DOES NOT show the PFSense Router connected to it. It treats it like a dumb cable modem.
• Port 8096 is forward to the Emby server
• Port Triggering setup for 8096.
• DMZ is set to the Emby Server.
• The internal IP Pool is set to 192.168.150.X

YES, I have looked at PFSense's Port Forwarding guide(s)

Any thoughts/ideas?
 

[rbjtech 5284]

Cell/Mobile networks use CGNAT - making it impossible to use standard port forwarding - as you simply do not have a 'real' public IP address to forward from.

There are ways around this - using tunnels and other remotes hosts - you'll need to use this as your 'public' facing IP - and then all traffic from that host is forwarded over a tunnel - through the CGNAT - to your local emby host.

You 'might' be able to get some of these services though the cell provider - worth asking - but out the box, 'hosting' via cell/mobile will simply not work.

[Lighthammer 91]

5 hours ago, rbjtech said:

Cell/Mobile networks use CGNAT - making it impossible to use standard port forwarding - as you simply do not have a 'real' public IP address to forward from.

This is kind of what I was trying to figure out --- weather or not there was some kind of embedded firewall or not. I've pulled apart Android quiet a bit over the years, but I never ran into this particular issue.

IS THERE ANY CHANCE if you know:

• Is there anyway to access it?
• Can I tweak the settings with Telnet / ADB?
• Is it something mostly in Stock Android or would I have more power to mess with it in /e/ or Lineage or FOSS

I am waaaaaaaaaaaay overdue to finally root my Galaxy S9. I ran into some road blocks and kind of said "I'll do it later". 6 months later its still on the backburner >.<

I planned on putting /e/ or Lineage on it.

[pwhodges 2012]

Did you read the answer above?  You will not be able to contact your server from outside if you have a cellular connection; it's not a matter of tweaking.  The only way round it is a tunnel setup of some kind.

Paul